ATG Personalization Programming Guide

User Directory Security

The Dynamo User Directory functions both as an organizational tool and as a security tool. As an administrator, you can allow or deny access to specific repository items and to specific properties of those repository items. The Dynamo User Directory accesses two repositories to store information and to implement the security system that controls repository items. These repositories are the profile repository and the Admin SQL repository.

ATG products work with two types of repositories: “concrete” repositories, which actually hold data, and “secure” repositories, which perform security checking. Rather than adding security checking directly to a concrete repository, a secure repository wraps a concrete repository. This secure repository has the same API, behavior, and data as the underlying concrete repository. In general, invoking a method on a secure repository works the same as invoking the same method on a concrete repository, but with one essential difference: the secure wrapper applies security checks as needed, before and after calling the concrete repository to do the work of retrieving items from the database. This security system has two major benefits:

All repository implementations, including any that you add in the future, can use this secure repository wrapper. This is much easier than having to add security as a feature in each new repository implementation.

You don’t need to do anything to configure this security setup. By default, the ACC accesses secure repositories, not their underlying concrete repository counterparts.